Automated discovery and classification
Automatically discover sensitive data from across your entire heterogeneous environment so that you can classify it and begin protecting it.
Automatically analyze risks to sensitive data, from uncovering risky or suspicious user access patterns to uncovering malicious stored procedures or SQL injections, so that you can take action and safeguard sensitive data.
Scan data environments (databases, data warehouses, big data platforms) to detect vulnerabilities and suggest remedial actions. Identify exposures such as missing patches, weak passwords, unauthorized access and changes, misconfigured privileges, and other vulnerabilities, see full reports, and understand progress over time. Vulnerability assessment supports Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Database as a Service (DBaaS) environments.
Data activity monitoring
Continuous real-time monitoring, combined with cognitive analytics and proprietary algorithms, help discover unusual activity related to sensitive data, prevent unauthorized data access, provide alerts on suspicious activities, and protect against internal and external threats. Data is monitored and protected across the enterprise – from on-prem databases and DBaaS to big data platforms and cloud environments.
Blocking, masking, alerting and quarantining
Protect sensitive data at rest and in motion in the manner that best meets the needs of your security policies. Apply static or dynamic data masking. Dynamically block user access to data, or quarantine suspicious user IDs. Send real time alerts to the security team for immediate follow-up on risky or unusual user behavior or access patterns.
Automated compliance and audit support
Aggregate and normalize audit data throughout the enterprise for compliance reporting, correlation, and forensics without requiring native database audit functions. Have audit-friendly data access audit trail supporting separation of duties, and benefit from customizable compliance workflow automation to generate and distribute reports for sign-off and escalation. Pre-packaged, regulation-specific 'accelerators' (such as the GDPR Accelerator) are also included.
Cloud-ready images for major cloud venders
Leverage fully tested and supported images for most major cloud venders. IBM can easily share these images to speed up deployment, so users may start protecting cloud data managed in Infrastructure as a Service (IaaS) environments.
Visibility and control for DBaaS
Monitors DBaaS deployments in AWS RDS and Azure MS SQL, then centralizes this information with activity data collected across your environment to provide a holistic and actionable view of data activities across on-premises and cloud enabled database services.
Support for container-based databases, including MongoDB
IBM Guardium Multi-Cloud Data Protection supports containerized databases, including MongoDB, to provide holistic visibility and protection of sensitive data across your hybrid and multi-cloud environments.
Integration with AWS Database Activity Streams (DAS)
IBM Guardium Multi-Cloud Data Protection expands its existing capabilities for protecting database services by integrating with AWS Database Activity Streams (DAS). IBM Guardium Multi-Cloud Data Protection can monitor and audit Amazon Aurora database activity to quickly identify threats and generate alerts. The integration with AWS Database Activity Streams further helps you take a consistent, proactive approach to data protection across your hybrid and multi-cloud environment.